Blame SOURCES/scap-security-guide-0.1.64-ospp_grub_disable_recovery-PR_9321.patch

9e17c9
From b36ecf8942ce8dea0c4a2b06b4607259deaf3613 Mon Sep 17 00:00:00 2001
9e17c9
From: Vojtech Polasek <vpolasek@redhat.com>
9e17c9
Date: Wed, 10 Aug 2022 09:59:57 +0200
9e17c9
Subject: [PATCH] switch rule grub2_disable_interactive_boot for
9e17c9
 grub2_disable_recovery in rhel8 ospp
f386a0
f386a0
---
9e17c9
 .../system/bootloader-grub2/grub2_disable_recovery/rule.yml     | 1 +
9e17c9
 products/rhel8/profiles/ospp.profile                            | 2 +-
9e17c9
 tests/data/profile_stability/rhel8/ospp.profile                 | 2 +-
9e17c9
 4 files changed, 3 insertions(+), 3 deletions(-)
f386a0
f386a0
diff --git a/linux_os/guide/system/bootloader-grub2/grub2_disable_recovery/rule.yml b/linux_os/guide/system/bootloader-grub2/grub2_disable_recovery/rule.yml
9e17c9
index 4f8d4ddcfde..fb126cbe7d8 100644
f386a0
--- a/linux_os/guide/system/bootloader-grub2/grub2_disable_recovery/rule.yml
f386a0
+++ b/linux_os/guide/system/bootloader-grub2/grub2_disable_recovery/rule.yml
f386a0
@@ -17,6 +17,7 @@ rationale: |-
f386a0
 severity: medium
f386a0
 
f386a0
 identifiers:
f386a0
+    cce@rhel8: CCE-86006-4
f386a0
     cce@rhel9: CCE-85986-8
f386a0
 
f386a0
 references:
f386a0
diff --git a/products/rhel8/profiles/ospp.profile b/products/rhel8/profiles/ospp.profile
9e17c9
index ebec8a3a6f9..6e3b30f64bb 100644
f386a0
--- a/products/rhel8/profiles/ospp.profile
f386a0
+++ b/products/rhel8/profiles/ospp.profile
f386a0
@@ -304,7 +304,7 @@ selections:
f386a0
     ## Disable Unauthenticated Login (such as Guest Accounts)
f386a0
     ## FIA_UAU.1
f386a0
     - require_singleuser_auth
f386a0
-    - grub2_disable_interactive_boot
f386a0
+    - grub2_disable_recovery
f386a0
     - grub2_uefi_password
f386a0
     - no_empty_passwords
f386a0
 
f386a0
diff --git a/tests/data/profile_stability/rhel8/ospp.profile b/tests/data/profile_stability/rhel8/ospp.profile
9e17c9
index 21e93e310d5..267b66a4f89 100644
f386a0
--- a/tests/data/profile_stability/rhel8/ospp.profile
f386a0
+++ b/tests/data/profile_stability/rhel8/ospp.profile
f386a0
@@ -89,7 +89,7 @@ selections:
f386a0
 - ensure_redhat_gpgkey_installed
f386a0
 - grub2_audit_argument
f386a0
 - grub2_audit_backlog_limit_argument
f386a0
-- grub2_disable_interactive_boot
f386a0
+- grub2_disable_recovery
f386a0
 - grub2_kernel_trust_cpu_rng
f386a0
 - grub2_page_poison_argument
f386a0
 - grub2_pti_argument